Unsecured wireless networks at hotels have proven to be ideal places for hackers to commit a wide variety of crimes.
In 2008, at the luxury Thompson Hotel chain, a hacker captured personal and sensitive emails sent by guests and staff members over its wireless network and threatened to make them public.
Hackers staying at hotels or parked nearby have exploited the anonymity of hotel wireless networks to download child pornography. In 2009, a Florida man was arrested for using hotel WiFi to download kiddie porn from his truck parked outside. According to Hernando Today, a publication of Tampa Bay Online, when the man’s gaming device was confiscated as evidence, what local authorities found stored on it was 96 images of prepubescent children engaged in sex acts. The time stamp on the images matched the time that the man was outside the hotel.
WiFi hacks like that aren’t the only security threat we face.. Road warriors looking to log on to their hotels’wireless Internet can unknowingly become online mugging victims. In 2010, The CBS Early Show had an ethical hacker set up a fake WiFi access point at a New York City hotel, calling it “Best Free Public WiFi.” Before long, dozens of unknowing wireless users took the bait and tried to log on. When an unsuspecting hotel guest connects to a phony WiFi access point like that, his credit card, banking or other confidential business information can be seen by the hacker.
Remember, just because you’re staying at a nice hotel doesn’t mean that hackers aren’t around the corner. These are some of the things you can do to protect your Internet security.
How to Hide From Hackers
Watch out for fake WiFi access points designed to look just like real hotel WiFi networks. These “Evin Twins” may even contain your hotel’s name. Check with the establishment to get the correct name.
Find out whether your hotel’s wireless network uses WPA (WiFi Protected Access) security. WPA usually requires a password to get onto the network and always encrypts everything sent over wireless. This prevents eavesdropping over wireless – but it may not stop other guests connected to the same hotspot from stealing your data.
Always assume you’re not alone on any public WiFi network. Disable file sharing, turn on your computer’s personal firewall, and never send Social Security numbers, passwords or financial information when using an unencrypted wireless connection.
When using a free hotspot, you could be sending data through someone you don’t know. When using a commercial hotspot, never supply payment information to an unsecured hotspot login page. If your web browser doesn’t display a green padlock or it warns that the login page may not be secure, use a different hotspot.
Use a VPN (virtual private network) to make all the information transmitted over your WiFi connection invisible to hackers.
Another WiFi Scam to be Careful of
When in public locations such as hotel lobbies, meeting rooms, or airports, many travelers will search for an "open" network connection to connect to. When doing so, many laptop users will let their computer search for an available wireless networks. If you see one called "Free Public WiFi" or anything similar, it has a large chance of being a scam. Many times networks found while searching will be labeled as an "Unsecured wireless network". While this may not be the most secure, you should make sure you do not see anything that says underneath the name that says "Unsecured computer-to-computer network." This can become your worst travel nightmare. As the name implies, this network connects to a computer run by a total stranger somewhere nearby. Always read the fine print when connecting in public environments.
The important point here is that when you are looking through the list of available wireless networks that you be on the lookout for ad-hoc computer-to-computer networks as opposed to normal, router-based (infrastructure) networks. If the software you use to scan for available networks does not indicate the type of network, you may want to use different software. As more people become aware of this particular network name, a bad guy may simply use another enticing name.